|
17 | 17 |
|
18 | 18 |
|
19 | 19 | class TokenData(NamedTuple): |
20 | | - """Immutable snapshot of token state. |
21 | | -
|
22 | | - Storing token, expiry, and scheme together as a single object |
23 | | - ensures that validity checks and token reads are always consistent, |
24 | | - eliminating TOCTOU races between ``get_token`` and |
25 | | - ``invalidate_token``. |
26 | | - """ |
| 20 | + """Immutable snapshot of token state.""" |
27 | 21 |
|
28 | 22 | access_token: str |
29 | 23 | expires_at: float |
@@ -136,7 +130,6 @@ def _refresh_token(self) -> None: |
136 | 130 | access_token: str = raw["access_token"] |
137 | 131 | expires_in: int = raw.get("expires_in", 3600) # Default 1 hour |
138 | 132 | token_type = raw.get("token_type", "Bearer") |
139 | | - # Preserve server-provided casing, only strip whitespace |
140 | 133 | scheme: str = token_type.strip() if token_type else "Bearer" |
141 | 134 | self._token_data = TokenData( |
142 | 135 | access_token=access_token, |
@@ -180,14 +173,7 @@ def invalidate_token(self) -> None: |
180 | 173 |
|
181 | 174 |
|
182 | 175 | class _AutoRefreshTokenAuthMetadataPlugin(grpc.AuthMetadataPlugin): |
183 | | - """gRPC auth plugin that fetches a fresh token for every RPC. |
184 | | -
|
185 | | - The plugin delegates to ``CredentialHelper.get_token()`` which |
186 | | - handles caching, expiry checks, and thread-safe refresh internally. |
187 | | - This callback is invoked by gRPC on a *separate* thread, so the |
188 | | - underlying ``CredentialHelper`` must use ``threading.Lock`` (not |
189 | | - ``asyncio.Lock``). |
190 | | - """ |
| 176 | + """gRPC auth plugin that fetches a fresh token for every RPC.""" |
191 | 177 |
|
192 | 178 | def __init__(self, credential_helper: CredentialHelper) -> None: |
193 | 179 | """Initialize with a credential helper. |
@@ -247,12 +233,6 @@ async def create_channel_with_credentials( |
247 | 233 | ------ |
248 | 234 | InvalidHostError: If host is empty |
249 | 235 |
|
250 | | - Note: |
251 | | - ---- |
252 | | - OAuth errors are no longer raised at channel-creation time. |
253 | | - Instead, they surface as RPC errors when the per-request auth |
254 | | - metadata plugin attempts to acquire a token. |
255 | | -
|
256 | 236 | """ |
257 | 237 | if not host: |
258 | 238 | raise InvalidHostError(InvalidHostError.default_message) |
|
0 commit comments